Educause Security Discussion mailing list archives

Re: Microsoft BitLocker

From: "Clementz, Todd" <clementz.7 () OSU EDU>
Date: Tue, 29 Nov 2011 18:49:11 +0000

We have had Bitlocker deployed for a few years now with minimal issues.  On a few very rare occasions, we have had the 
machine boot and prompt for the code.  When this has happened, I have just re-encrypted the machine and all is well.  
Are you deploying chipset software on machines through WSUS that might over wright BIOS information?  We have 60ish 
deployed with varying models and types.

Todd Clementz
Systems Engineer
Knowlton School of Architecture
The Ohio State University
Direct Line: 614.292.8544
Helpdesk: 614.292.8612
Http://Support.knowlton.ohio-state.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matt 
Giannetto
Sent: Tuesday, November 29, 2011 1:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Microsoft BitLocker

We're experiencing a very frustrating issue with Microsoft BitLocker on our Dell Latitude E-Series laptops.  The 
problem is that occasionally and for no discernable reason, the TPM module for the laptop gets disabled in the BIOS.  
This causes the system to prompt for a BitLocker Recovery Key at boot, rendering the system useless until the user 
contacts the help desk.

I'm hoping to compare notes with other institutions that are using TPM with hard drive encryption so we can try to 
isolate a cause for our problem.  For anyone using hard drive encryption (BitLocker or otherwise) with TPM, would you 
mind giving me a little info about your deployment and experiences?

*         What laptop make and model do you use?  Approximately how many are in your environment?

*         What hard drive encryption technology are you using?

*         Have you experienced the problem describe above, where the TPM module of the system is disabled for no 
apparent reason?

*         How long have you had hard drive encryption deployed?

If anyone has any recommendations in troubleshooting this issue, I'm eager to hear it.  Thank you for your time and 
insight.

Thanks,

Matt Giannetto
Director of IT Security
Montgomery County Community College
mgiannetto () mc3 edu<mailto:mgiannetto () mc3 edu> | (215) 619-7442

The Internet is a dangerous place.
Be suspicious.  Be aware.  Think security.
www.mc3.edu/security<http://www.mc3.edu/security>


________________________________
Montgomery County Community College is proud to be designated as an Achieving the Dream Leader College for its 
commitment to student access and success.

Current thread:

Microsoft BitLocker Matt Giannetto (Nov 29)
- Re: Microsoft BitLocker Clementz, Todd (Nov 29)
- Re: Microsoft BitLocker Valdis Kletnieks (Nov 29)
- Re: Microsoft BitLocker Chuck Thomas (Nov 29)